2

I have a simple program program in assembly 

.text
.globl _start
_start:
        movl $1, %eax
        movl $1, %ebx
        int $0x80

I have assembled it. I have dumped the content of it as below

root@bt:~# objdump -d out     
out:     file format elf32-i386
Disassembly of section .text:

08048054 <_start>:
 8048054:       b8 01 00 00 00          mov    $0x1,%eax
 8048059:       bb 01 00 00 00          mov    $0x1,%ebx
 804805e:       cd 80                   int    $0x80

Now my question is, can I get back the mnemonics given only the below machine code \xb8\x01\x00\x00\x00\xbb\x01\x00\x00\x00\xcd\x80

4

2 回答 2

5

如何反汇编原始 x86 代码

做你的具体例子,这对我有用(在 Linux 机器上,使用 GNU 工具链):

printf '\xb8\x01\x00\x00\x00\xbb\x01\x00\x00\x00\xcd\x80' > /tmp/binary
objdump -D -b binary -mi386 /tmp/binary

以此作为选项的简短文档:

           [-D|--disassemble-all]
           [-b bfdname|--target=bfdname]
           [-m machine|--architecture=machine]

i386 指定目标。我必须从原始示例命令中删除 addr16 和 data16 ,否则这将不起作用。

于 2013-07-16T17:13:32.880 回答
3

你只需要告诉objdump你想要对一个普通的二进制文件进行操作:

$ hexdump -vC binaryFile
00000000  b8 01 00 00 00 bb 01 00  00 00 cd 80              |............|
0000000c
$ objdump -D -b binary -m i386 binaryFile 

binaryFile:     file format binary


Disassembly of section .data:

00000000 <.data>:
   0:   b8 01 00 00 00          mov    $0x1,%eax
   5:   bb 01 00 00 00          mov    $0x1,%ebx
   a:   cd 80                   int    $0x80
于 2013-07-16T17:02:00.533 回答